CVE-2025-39839

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The

batadv nc skb decode packet()

function in the batman-adv module does not properly validate the

coded len

variable, potentially leading to out-of-bounds read and write issues during network-coding decode operations. The function trusts

coded len

and only checks it against

skb->len

, without verifying the source skb length. This can occur when XOR operations start at

sizeof(struct batadv unicast packet)

, reducing payload headroom.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2025-39839

DSA-6008-1

DSA-6009-1

ECHO-3783-4AC0-E043

INFESA-2025_0006

SUSE-SU-2025:3751-1

Debian

Linux Kernel

Batman-Adv